University of Twente Student Theses
DoS attack on recursive resolvers with DNSSEC key-tag collisions
Bleeker, D.A. (2019) DoS attack on recursive resolvers with DNSSEC key-tag collisions.
Abstract: | DNSSEC was implemented to strengthen DNS and enable resolvers and end-users to validate the integrity and origin of responses by using digital signatures. To speed up this verification, key-tags were introduced. In this paper we analyse an attack that uses key-tag collisions to generate enough computational overhead to render a recursive resolver unavailable (DoS attack). A zone with 65 keys with the same key-tag was set up on an authoritative name server, along with a resolver (Unbound and BIND) and an attacker, to simulate this attack. This paper concludes that attempting to DoS a recursive resolver using DNSSEC key-tag collisions is viable, at least in theory. |
Item Type: | Essay (Bachelor) |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science BSc (56964) |
Keywords: | DNS, DNSSEC, Key-tag collision, Attack, DoS, Resolver, RSA, CPU utilisation, Unbound, BIND |
Link to this item: | https://purl.utwente.nl/essays/78777 |